Evaluation of a Tool to Increase Cybersecurity Awareness Among Non-experts (SME Employees)

Kaiying Luan; Ragnhild Halvorsrud; Costas Boletsis

doi:10.5220/0011680500003405

Evaluation of a Tool to Increase Cybersecurity Awareness Among Non-experts (SME Employees)

Kaiying Luan, Ragnhild Halvorsrud, Costas Boletsis

2023

Abstract

Humans are the weak link in cybersecurity, hence, this paper considers the human factor in cybersecurity and how the customer journey approach can be used to increase cybersecurity awareness. The Customer Journey Modelling Language (CJML) is used to document and visualise a service process. We expand the CJML formalism to encompass cybersecurity and develop an easy-to-use web application as a supporting tool for training and awareness. We present the results from the usability test with ten persons in the target group and report on usability and feasibility. All participants managed to finish the test, and most participants indicated that the tool was easy to use. By using the tool, non-expert users can make user journey diagrams showing basic conformance in a short time without professional training. For the threat diagram, half of the users achieved full conformance. In conclusion, the tool can serve as low-threshold cybersecurity awareness training for SME employees. We discuss the limitations and validity of the results and future work to improve the tool’s usability.

Download

Paper Citation

in Harvard Style

Luan K., Halvorsrud R. and Boletsis C. (2023). Evaluation of a Tool to Increase Cybersecurity Awareness Among Non-experts (SME Employees). In Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-624-8, pages 509-518. DOI: 10.5220/0011680500003405

in Bibtex Style

@conference{icissp23,
author={Kaiying Luan and Ragnhild Halvorsrud and Costas Boletsis},
title={Evaluation of a Tool to Increase Cybersecurity Awareness Among Non-experts (SME Employees)},
booktitle={Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2023},
pages={509-518},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011680500003405},
isbn={978-989-758-624-8},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Evaluation of a Tool to Increase Cybersecurity Awareness Among Non-experts (SME Employees)
SN - 978-989-758-624-8
AU - Luan K.
AU - Halvorsrud R.
AU - Boletsis C.
PY - 2023
SP - 509
EP - 518
DO - 10.5220/0011680500003405